💼 SI-2 Flaw Remediation

ID: /frameworks/nist-sp-800-53-r5/si/02

Stats

not available

Description

a. Identify, report, and correct system flaws; b. Test software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation; c. Install security-relevant software and firmware updates within [Assignment: organization-defined time period] of the release of the updates; and d. Incorporate flaw remediation into the organizational configuration management process.

Similar

Sections
- /frameworks/aws-fsbp-v1.0.0/auto-scaling/01
- /frameworks/aws-fsbp-v1.0.0/dms/06
- /frameworks/aws-fsbp-v1.0.0/ecs/10
- /frameworks/aws-fsbp-v1.0.0/ecs/12
- /frameworks/aws-fsbp-v1.0.0/eks/02
- /frameworks/aws-fsbp-v1.0.0/elastic-beanstalk/01
- /frameworks/aws-fsbp-v1.0.0/elastic-beanstalk/02
- /frameworks/aws-fsbp-v1.0.0/elasticache/02
- /frameworks/aws-fsbp-v1.0.0/lambda/02
- /frameworks/aws-fsbp-v1.0.0/opensearch/10
- /frameworks/aws-fsbp-v1.0.0/rds/06
- /frameworks/aws-fsbp-v1.0.0/rds/13
- /frameworks/aws-fsbp-v1.0.0/rds/19
- /frameworks/aws-fsbp-v1.0.0/rds/20
- /frameworks/aws-fsbp-v1.0.0/rds/21
- /frameworks/aws-fsbp-v1.0.0/rds/22
- /frameworks/aws-fsbp-v1.0.0/rds/35
- /frameworks/aws-fsbp-v1.0.0/redshift/06
- /frameworks/aws-fsbp-v1.0.0/ssm/02
Internal
- ID: dec-c-92a003c3

Similar Sections (Take Policies From)

Section	Internal Rules	Policies	Compliance
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [AutoScaling.1] Auto Scaling groups associated with a load balancer should use ELB health checks	1	1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DMS.6] DMS replication instances should have automatic minor version upgrade enabled	1	1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.10] ECS Fargate services should run on the latest Fargate platform version		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.12] ECS clusters should use Container Insights			no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EKS.2] EKS clusters should run on a supported Kubernetes version			no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElasticBeanstalk.1] Elastic Beanstalk environments should have enhanced health reporting enabled		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElasticBeanstalk.2] Elastic Beanstalk managed platform updates should be enabled		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElastiCache.2] ElastiCache clusters should have automatic minor version upgrades enabled		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Lambda.2] Lambda functions should use supported runtimes		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.10] OpenSearch domains should have the latest software update installed		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.6] Enhanced monitoring should be configured for RDS DB instances		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.13] RDS automatic minor version upgrades should be enabled	1	1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.19] Existing RDS event notification subscriptions should be configured for critical cluster events		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.20] Existing RDS event notification subscriptions should be configured for critical database instance events		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.21] An RDS event notifications subscription should be configured for critical database parameter group events		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.22] An RDS event notifications subscription should be configured for critical database security group events		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.35] RDS DB clusters should have automatic minor version upgrade enabled		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Redshift.6] Amazon Redshift should have automatic upgrades to major versions enabled		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [SSM.2] Amazon EC2 instances managed by Systems Manager should have a patch compliance status of COMPLIANT after a patch installation			no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Compliance
💼 FedRAMP High Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)	2	7	24	no data
💼 FedRAMP Low Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)			24	no data
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations			47	no data
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties			62	no data
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities			62	no data

Sub Sections

Section	Internal Rules	Policies	Compliance
💼 SI-2(1) Flaw Remediation _ Central Management			no data
💼 SI-2(2) Flaw Remediation _ Automated Flaw Remediation Status	1	9	no data
💼 SI-2(3) Flaw Remediation _ Time to Remediate Flaws and Benchmarks for Corrective Actions			no data
💼 SI-2(4) Flaw Remediation _ Automated Patch Management Tools		9	no data
💼 SI-2(5) Flaw Remediation _ Automatic Software and Firmware Updates	2	9	no data
💼 SI-2(6) Flaw Remediation _ Removal of Previous Versions of Software and Firmware	6	6	no data

Policies (17)

Policy	Logic Count	Flags	Compliance
🛡️ AWS CloudWatch Metric Alarm does not have any actions configured🟢	1	🟢 x6	no data
🛡️ AWS DMS Replication Instance Auto Minor Version Upgrade is not enabled🟢	1	🟢 x6	no data
🛡️ AWS EC2 Auto Scaling Group behind ELB doesn't use ELB health check🟢	1	🟢 x6	no data
🛡️ AWS ECS Fargate Service platform version is outdated🟢	1	🟢 x6	no data
🛡️ AWS Elastic Beanstalk Environment does not have enhanced health reporting enabled🟢	1	🟢 x6	no data
🛡️ AWS Elastic Beanstalk Environment does not have managed platform updates enabled🟢	1	🟢 x6	no data
🛡️ AWS ElastiCache Redis Cluster Auto Minor Version Upgrade is not enabled🟢	1	🟢 x6	no data
🛡️ AWS Lambda Function Runtime is deprecated🟢	1	🟢 x6	no data
🛡️ AWS OpenSearch Domain latest Service Software Update is not installed🟢	1	🟢 x6	no data
🛡️ AWS RDS Cluster Event Subscription for critical events is not configured🟢	1	🟢 x6	no data
🛡️ AWS RDS Instance Auto Minor Version Upgrade is not enabled🟠🟢	1	🟠 x1, 🟢 x6	no data
🛡️ AWS RDS Instance Enhanced Monitoring is not enabled🟢	1	🟢 x6	no data
🛡️ AWS RDS Instance Event Subscription for critical events is not configured🟢	1	🟢 x6	no data
🛡️ AWS RDS Multi-AZ Cluster Auto Minor Version Upgrade is not enabled🟢	1	🟢 x6	no data
🛡️ AWS RDS Parameter Group Event Subscription for critical events is not configured🟢	1	🟢 x6	no data
🛡️ AWS RDS Security Group Event Subscription for critical events is not configured🟢	1	🟢 x6	no data
🛡️ AWS Redshift Cluster automatic major version upgrade is not enabled🟢	1	🟢 x6	no data

Stats​

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (17)​